REMARKS 

Claims 1-26 are currently pending. In the July 2, 2007 Office Action, the Examiner 
withdrew the previous rejection under 35 U.S.C. § 101, but maintained the previous claim 
rejections under 35 U.S.C. § 103(a) as being unpatentable over various combinations of U.S. 
Patent No. 6,691,232 to Wood ("Wood"), U.S. Patent No. 5,339,403 to Parker ("Parker"), U.S. 
Patent No. 6,766,454 to Riggins ("Riggins"), U.S. Patent No. 5,339,403 to Olden ("Olden"), and 
U.S. Patent No. 6,754,829 to Butt ("Butt"). Applicant appreciates the withdrawal of the double 
patenting rejection, but respectfully traverses the pending art rejections for the reasons set forth 
hereinbelow. In addition, it appears from the latest Office Action that claim 9 has not been 
rejected over the cited references, and Applicant therefore requests that a notice of allowability 
be issued for at least claim 9. 

A. Claims 1. 3, 11. 13, 19 and 21 Are Not Obvious Over Wood and Parker 

In response to the Examiner's rejection of claims 1,3, 11, 13, 19 and 21 as being obvious 
over Wood in view of Parker, Applicant respectfully requests reconsideration and withdrawal of 
the rejection because the Examiner has not established a prima facie case of obviousness. To 
establish prima facie obviousness of a claimed invention, all the claim limitations must be taught 
or suggested by the prior art. In re Rovka , 490 F.2d 981, 180 USPQ 580 (CCPA 1974); In re 
Wilson , 424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970). Where a rejection is based on 
the assertion that all claim limitations are found in a number of prior art references, the fact 
finder must determine "[w]hat the prior art teaches, whether it teaches away from the claimed 
invention, and whether it motivates a combination of teachings from different references." In re 
Fulton , 391 F.3d 1195, 1199-1200 (Fed. Cir. 2004). 

As a preliminary matter, a prima facie case of obviousness has not been established 
because, as noted above, none of the references, alone or in combination, discloses or suggests 
using a single sign-on (SSO) agent to not only (1) authenticate a user in response to an initial 
authentication request by obtaining or retrieving an attribute certificate having authentication 
data for the user, but also to (2) authenticate the user for subsequent authentication requests made 
by the SSO agent by using authentication data contained within the attribute certificate, as 
variously recited in claims 1,11 and 19. See, e.g., claim 1 ("authenticating the user at the SSO 
agent for the initial authentication request; retrieving by the SSO agent an attribute certificate 
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associated with the user; and authenticating the user for subsequent authentication requests via 

the SSO agent using authentication data within the attribute certificate.") (emphasis added). 

The central role played by the SSO agent is described in the Application as follows: 

[0091] It should be noted that, in the preferred embodimen t, the client SSO manager 
requests and receives an attribute certificate from an attribute certificate authority because 
it is assumed that the client SSO manager adheres to all PKIX protocols. By obtaining 
and storing an independently issued attribute certificate, the attribute certificate can be 
verified as an authenticate certificate by a third-party application. Moreover, if the client 
SSO manager were to be modified or replaced at some point in time, the attribute 
certificate could be independently verified as authenticate and then could be used by 
another SSO application. 

[0093] After obtaining or generating the attribute certificate, thereby completing the 
configuration phase, user 510 will, at some subsequent point in time, desire to interact 
with one or more legacy applications 502 on application server 504. Using an appropriate 
protocol with client SSO manager 510, application server 504 initiates a session for user 
500 and requests the user's authentication information for one or more legacy 
applications. For simplicity of presentation, it can be assumed that the user is initially 
attempting to access only a single protected resource. 

[0094] Preferably before, but possibly after, initiating the session with the application 
server, the client SSO manager challenges the user to complete an authentication process. 
Assuming that the user successfully completes this initial sign-on process, the client SSO 
manager acts as the user's agent to perform any subsequent authentication processing on 
behalf of the user . 

[0095] Continuing with the example, client SSO manager 510 retrieves attribute 
certificate 530 containing encrypted authentication attributes 526. Client SSO manager 
510 locates the appropriate "SvceAuthlnfo" attribute within attribute certificate 530 using 
the "service" field that corresponds to the legacy application that the user is attempted to 
access. Client SSO manager 510 then extracts the associated "authinfo" data for the 
corresponding legacy application . 

U.S. Patent Publication No. 2002/0144119 (emphasis added). 

The centrality of the SSO agent to the initial and subsequent authentication requests is 

simply not addressed by either of the cited Wood or Parker references, nor by the Examiner's 

analysis thereof. Nor does either reference (or the Examiner's analysis thereof) meet the 

requirement that the SSO agent use authentication data from the attribute certificate to 

authenticate the user for subsequent authentication requests, as required in the claims. On this 

point, Applicant respectfully submits that the rejection analysis in no way acknowledges the 

specifically-claimed role of the SSO agent in both the initial authentication request and in the 

subsequent authentications requests. See, Final Office Action , p. 3. Indeed, the cited passage 
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from Parker offered by the Examiner to meet the requirement of an "attribute certificate" 

(Parker, col. 1, lines 40-50) confirms that the user, and not any SSO agent, presents the privilege 

attribute certificate (PAC) to an application as evidence of the user's access rights. See, Parker, 

col. 1, lines 40-50 ("According to the invention there is provided a distributed computer system 

capable of supporting a plurality of users and a plurality of applications, the system including an 

authentication unit for authenticating a user and issuing that user with a privilege attribute 

certificate (PAC) which can then be presented to an application by the user as evidence of the 

user's access rights . . . .") (emphasis added). Thus, Parker discloses that the user presents the 

privilege attribute certificate, and suggests no role for an SSO agent in this sequence. 

As seen from the foregoing (and putting aside for the moment to propriety of combining 

the Wood and Parker), a prima facie case of obviousness has not been established because 

neither Wood nor Parker disclose or suggest using an SSO agent to both (1) authenticate a user 

in response to an initial authentication request, and to (2) authenticate the user for subsequent 

authentication requests using authentication data from an attribute certificate that is retrieved the 

SSO agent. Accordingly, claims 1,11 and 19 are allowable. To the extent that dependent claims 

3,13 and 21 each respectively incorporate the requirements of independent claims 1,11 and 19, 

these dependent claims are likewise allowable, even though there are additional differences 

recited in the dependent claims. For example, claims 3, 13 and 21 each variously recited that the 

authentication data is forwarded from the SSO agent to the protected resource. Again, this 

requirement is not met by either of the cited Wood or Parker references. For at least the 

foregoing reasons, Applicant respectfully requests that the obviousness rejections of claims 1, 3, 

11, 13, 19 and 21 over Wood and Parker be withdrawn and that the claims be allowed. 

B. Claims 2, 5, 12, 15, 20 and 23 Are Not Obvious Over Wood, Parker and 
Riggins 

In response to the Examiner's rejection of claims 2, 5, 12, 15, 20 and 23 as being obvious 
over Wood, Parker and Riggins, Applicant respectfully requests reconsideration and withdrawal 
of the rejection because, as explained above with reference to independent claims 1,11 and 19, 
none of the references disclose or suggest using a single sign-on (SSO) agent to not only (1) 
authenticate a user in response to an initial authentication request by obtaining or retrieving an 
attribute certificate having authentication data for the user, but also to (2) authenticate the user 
for subsequent authentication requests made by the SSO agent by using authentication data 
contained within the attribute certificate, as variously recited in claims 1,11 and 19. Likewise, 
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none of the references disclose that the authentication data is forwarded from the SSO agent to 

the protected resource, as variously recited in claims 3,13 and 21 from which claims 5,15 and 

23 depend. In particular, the deficiencies noted above with respect to Wood and Parker are not 

remedied by the disclosure of Riggins. 

To establish prima facie obviousness of a claimed invention, all the claim limitations 

must be taught or suggested by the prior art. In re Rovka , 490 F.2d 981, 180 USPQ 580 (CCPA 

1974); In re Wilson , 424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970). Putting aside for 

the moment to propriety of combining these three references, a prima facie case of obviousness 

has not been established because none of the Wood, Parker or Riggins references disclose 

Applicant's use of an SSO agent for authenticating a user for an initial and subsequent 

authentication requests using authentication data from an attribute certificate obtained by the 

SSO agent. For at least the foregoing reasons, Applicant respectfully requests that the 

obviousness rejections of claims 2, 5, 12, 15, 20 and 23 over Wood, Parker and Riggins be 

withdrawn and that the claims be allowed. 

C. Claims 4, 6, 7, 10, 14, 16, 17, 22, 24 and 25 Are Not Obvious Over Wood, 
Parker and Olden 

In response to the Examiner's rejection of claims 4, 6, 7, 10, 14, 16, 17, 22, 24 and 25 as 
being obvious over Wood, Parker and Olden, Applicant respectfully requests reconsideration and 
withdrawal of the rejection because, as explained above with reference to independent claims 1, 
1 1 and 19, none of the references disclose or suggest using a single sign-on (SSO) agent to not 
only (1) authenticate a user in response to an initial authentication request by obtaining or 
retrieving an attribute certificate having authentication data for the user, but also to (2) 
authenticate the user for subsequent authentication requests made by the SSO agent by using 
authentication data contained within the attribute certificate, as variously recited in claims 1,11 
and 19. Likewise, none of the references disclose that the authentication data is forwarded from 
the SSO agent to the protected resource, as variously recited in claims 3,13 and 21 from which 
claims 4, 6, 14, 16, 22 and 24 depend. In particular, the deficiencies noted above with respect to 
Wood and Parker are not remedied by the disclosure of Olden. 

To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. In re Rovka , 490 F.2d 981, 180 USPQ 580 (CCPA 
1974); In re Wilson , 424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970). Putting aside for 
the moment to propriety of combining these three references, a prima facie case of obviousness 
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has not been established because none of the Wood, Parker or Olden references disclose 
Applicant's use of an SSO agent for authenticating a user for an initial and subsequent 
authentication requests using authentication data from an attribute certificate obtained by the 
SSO agent. For at least the foregoing reasons, Applicant respectfully requests that the 
obviousness rejections of claims 4, 6, 7, 10, 14, 16, 17, 22, 24 and 25 over Wood, Parker and 
Olden be withdrawn and that the claims be allowed. 

D. Claims 8, 18 and 26 Are Not Obvious Over Wood, Parker and Butt 
In response to the Examiner's rejection of claims 8, 18 and 26 as being obvious over 
Wood, Parker and Butt, Applicant respectfully requests reconsideration and withdrawal of the 
rejection because, as explained above with reference to independent claims 1,11 and 19, none of 
the references disclose or suggest using a single sign-on (SSO) agent to not only (1) authenticate 
a user in response to an initial authentication request by obtaining or retrieving an attribute 
certificate having authentication data for the user, but also to (2) authenticate the user for 
subsequent authentication requests made by the SSO agent by using authentication data 
contained within the attribute certificate, as variously recited in claims 1,11 and 19. In 
particular, the deficiencies noted above with respect to Wood and Parker are not remedied by the 
disclosure of Butt. 

To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. In re Rovka , 490 F.2d 981, 180 USPQ 580 (CCPA 
1974); In re Wilson , 424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970). Putting aside for 
the moment to propriety of combining these three references, a prima facie case of obviousness 
has not been established because none of the Wood, Parker or Butt references disclose 
Applicant's use of an SSO agent for authenticating a user for an initial and subsequent 
authentication requests using authentication data from an attribute certificate obtained by the 
SSO agent. For at least the foregoing reasons, Applicant respectfully requests that the 
obviousness rejections of claims 8, 18, and 26 over Wood, Parker and Olden be withdrawn and 
that the claims be allowed. 
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CONCLUSION 



In view of the amendments and remarks set forth herein, the application is believed to be 
in condition for allowance and a notice to that effect is solicited. Nonetheless, should any issues 
remain that might be subject to resolution through a telephonic interview, the Examiner is 
requested to telephone the undersigned at (512) 338-9100. 
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/Michael Rocco Cannatti/ 
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